Francois,

Thanks for your thoughts. We can certainly add more details if it is unclear.

As a clarification, I don't think we are saying that the current mechanism is necessarily broken (which is why it is not an essential correction, as discussed earlier in the WG). However, we want to allow for the use of this header in deployments that use Digest (with or without TLS; e.g., when integrity protection is provided by other means) and can benefit from its advantages (mutual auth, nextnonce).

- S

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francois Audet
Sent: Wednesday, June 04, 2008 12:08 PM
To: DRAGE, Keith (Keith); [email protected]
Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02

I do not believe that this document provides enough justification of what is the problem that is being attempted to be solved, and why it isn't already solved by existing mechanisms that are widely implemented (such as TLS).

Section 9 (Security Considerations) I believe touches on it a little bit, but it seems both incomplete and out of place.

The problem statement needs to be brought forward in the document (say to section 3 or a new section). The scope of applicability of the solution should also be described up-front.

I want to clarify I'm not necessarily against this: I just want the justification to be clearer. The onus should be on this document to clearly demonstrate why what we currently have is broken.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DRAGE, Keith (Keith)
> Sent: Wednesday, June 04, 2008 02:48
> To: [email protected]
> Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02
>
> (As SIP WG cochair)
>
> This has been raised in the SIP group a couple of times, and
> we have not yet gained an idea of whether to proceed with it
> in the SIP WG or not.
>
> There have been a couple of technical comments raised in the
> past from the security experts; my understanding is that
> these have now been clarified.
>
> I believe in the past there has been an interested community
> that says this is useful. It has also been clarified that
> 3GPP would like to use it in their specifications.
>
> So could I ask the WG to look at this document, and formally
> to indicate whether they believe some work with this scope
> should be progressed as a SIP WG item.
>
> http://www.ietf.org/internet-drafts/draft-dotson-sip-mutual-auth-02.txt
>
> So if you support it please indicate to the SIP WG chairs.
>
> If you have technical concerns (i.e. it should not proceed
> because it is technically flawed beyond fixing) then please
> ideally mail the list, although the SIP WG chairs will also
> accept input.
>
> Responses please in 1 calendar week from this date.
>
> Regards
>
> Keith
>
> ________________________________
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Hoggan
> Sent: Friday, May 02, 2008 5:15 PM
> To: [email protected]
> Subject: [Sip] draft-dotson-sip-mutual-auth-02
>
> Folks,
>
> Based on the feedback received in Philadelphia, we have
> updated draft-dotson-sip-mutual-auth. The changes clarify the
> usage of the Proxy-Authentication-Info header, including
> support for multiple values.
>
> Any further comments or suggestions will be
> appreciated. It would also be nice to obtain WG feedback on
> pursuing this I-D as a WG document.
>
> Regards,
>
> Stuart
>
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use [EMAIL PROTECTED] for questions on current sip
> Use [EMAIL PROTECTED] for new developments on the application of sip
